From 3a87a86e33c20aab20d8b221adae2015d12bbb80 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 14 Jul 2017 18:42:17 +0200 Subject: [PATCH] audit: introduce audit_session_is_valid() and make use of it everywhere Let's add a proper validation function, since validation isn't entirely trivial. Make use of it where applicable. Also make use of AUDIT_SESSION_INVALID where we need a marker for an invalid audit session. --- src/basic/audit-util.c | 4 ++-- src/basic/audit-util.h | 4 ++++ src/libsystemd/sd-bus/bus-creds.c | 2 +- src/login/logind-dbus.c | 6 +++--- src/login/logind-session.c | 8 ++++---- 5 files changed, 14 insertions(+), 10 deletions(-) diff --git a/src/basic/audit-util.c b/src/basic/audit-util.c index d1c9695973..24a6c8a936 100644 --- a/src/basic/audit-util.c +++ b/src/basic/audit-util.c @@ -54,7 +54,7 @@ int audit_session_from_pid(pid_t pid, uint32_t *id) { if (r < 0) return r; - if (u == AUDIT_SESSION_INVALID || u <= 0) + if (!audit_session_is_valid(u)) return -ENODATA; *id = u; @@ -81,7 +81,7 @@ int audit_loginuid_from_pid(pid_t pid, uid_t *uid) { if (r < 0) return r; - *uid = (uid_t) u; + *uid = u; return 0; } diff --git a/src/basic/audit-util.h b/src/basic/audit-util.h index e048503991..3088951326 100644 --- a/src/basic/audit-util.h +++ b/src/basic/audit-util.h @@ -29,3 +29,7 @@ int audit_session_from_pid(pid_t pid, uint32_t *id); int audit_loginuid_from_pid(pid_t pid, uid_t *uid); bool use_audit(void); + +static inline bool audit_session_is_valid(uint32_t id) { + return id > 0 && id != AUDIT_SESSION_INVALID; +} diff --git a/src/libsystemd/sd-bus/bus-creds.c b/src/libsystemd/sd-bus/bus-creds.c index 649fcdba44..f10592acd6 100644 --- a/src/libsystemd/sd-bus/bus-creds.c +++ b/src/libsystemd/sd-bus/bus-creds.c @@ -570,7 +570,7 @@ _public_ int sd_bus_creds_get_audit_session_id(sd_bus_creds *c, uint32_t *sessio if (!(c->mask & SD_BUS_CREDS_AUDIT_SESSION_ID)) return -ENODATA; - if (c->audit_session_id == AUDIT_SESSION_INVALID) + if (!audit_session_is_valid(c->audit_session_id)) return -ENXIO; *sessionid = c->audit_session_id; diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index c9b7d99818..e22956bda2 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -767,8 +767,8 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus if (hashmap_size(m->sessions) >= m->sessions_max) return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Maximum number of sessions (%" PRIu64 ") reached, refusing further sessions.", m->sessions_max); - audit_session_from_pid(leader, &audit_id); - if (audit_id > 0) { + (void) audit_session_from_pid(leader, &audit_id); + if (audit_session_is_valid(audit_id)) { /* Keep our session IDs and the audit session IDs in sync */ if (asprintf(&id, "%"PRIu32, audit_id) < 0) @@ -780,7 +780,7 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus * ID */ if (hashmap_get(m->sessions, id)) { log_warning("Existing logind session ID %s used by new audit session, ignoring", id); - audit_id = 0; + audit_id = AUDIT_SESSION_INVALID; id = mfree(id); } diff --git a/src/login/logind-session.c b/src/login/logind-session.c index 42dfecaffb..11d9e8ff5e 100644 --- a/src/login/logind-session.c +++ b/src/login/logind-session.c @@ -82,6 +82,7 @@ Session* session_new(Manager *m, const char *id) { s->manager = m; s->fifo_fd = -1; s->vtfd = -1; + s->audit_id = AUDIT_SESSION_INVALID; return s; } @@ -283,7 +284,7 @@ int session_save(Session *s) { if (s->leader > 0) fprintf(f, "LEADER="PID_FMT"\n", s->leader); - if (s->audit_id > 0) + if (audit_session_is_valid(s->audit_id)) fprintf(f, "AUDIT=%"PRIu32"\n", s->audit_id); if (dual_timestamp_is_set(&s->timestamp)) @@ -459,9 +460,8 @@ int session_load(Session *s) { } if (leader) { - k = parse_pid(leader, &s->leader); - if (k >= 0) - audit_session_from_pid(s->leader, &s->audit_id); + if (parse_pid(leader, &s->leader) >= 0) + (void) audit_session_from_pid(s->leader, &s->audit_id); } if (type) {